//snippet-sourcedescription:[SetKeyPolicy.java demonstrates how to set a key policy.]
//snippet-keyword:[SDK for Java 2.0]
//snippet-keyword:[Code Sample]
//snippet-service:[AWS Key Management Service]
//snippet-sourcetype:[full-example]
//snippet-sourcedate:[8/10/2020]
//snippet-sourceauthor:[scmacdon-aws]

/*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.*
 * Licensed under the Apache License, Version 2.0 (the "License").
 * You may not use this file except in compliance with the License.
 * A copy of the License is located at
 *
 *  http://aws.amazon.com/apache2.0
 *
 * or in the "license" file accompanying this file. This file is distributed
 * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
 * express or implied. See the License for the specific language governing
 * permissions and limitations under the License.
 */

package com.example.kms;

// snippet-start:[kms.java2_set_policy.import]
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.kms.KmsClient;
import software.amazon.awssdk.services.kms.model.KmsException;
import software.amazon.awssdk.services.kms.model.PutKeyPolicyRequest;
// snippet-end:[kms.java2_set_policy.import]

public class SetKeyPolicy {

    public static void main(String[] args) {

        final String USAGE =
                "To run this example, supply a key ID and a policy name \n" +
                        "Usage: SetKeyPolicy <key-id> <policyName>\n" +
                        "Example: SetKeyPolicy 1234abcd-12ab-34cd-56ef-1234567890ab" +
                        "default\n";

        if (args.length != 2) {
            System.out.println(USAGE);
            System.exit(1);
        }

        String keyId = args[0];
        String policyName = args[1];

        Region region = Region.US_WEST_2;
        KmsClient kmsClient = KmsClient.builder()
                .region(region)
                .build();

        createPolicy(kmsClient, keyId, policyName );
    }

    // snippet-start:[kms.java2_set_policy.main]
    public static void createPolicy(KmsClient kmsClient, String keyId, String policyName) {
        String policy = "{" +
                "  \"Version\": \"2012-10-17\"," +
                "  \"Statement\": [{" +
                "    \"Effect\": \"Allow\"," +
                // Replace the following user Amazon Resource Name (ARN) with one for a real user.
                "    \"Principal\": {\"AWS\": \"arn:aws:iam::814548047983:root\"}," +
                "    \"Action\": \"kms:*\"," +
                "    \"Resource\": \"*\"" +
                "  }]" +
                "}";
        try {

            PutKeyPolicyRequest keyPolicyRequest = PutKeyPolicyRequest.builder()
                .keyId(keyId)
                .policyName(policyName)
                .policy(policy)
                .build();

            kmsClient.putKeyPolicy(keyPolicyRequest);
            System.out.println("Done");

        } catch (KmsException e) {
            System.err.println(e.getMessage());
            System.exit(1);
        }
    }
    // snippet-end:[kms.java2_set_policy.main]
}
